Commit76a8cf6

johnstcn

and

bpmct

committed

chore(docs): fix inconsistencies in external provisioner docs (#15416)

This PR:- Updates the table in `docs/admin/provisioners.md` to include highlightmulti-org changes- Updates the instructions for the provisionerd helm chart when usingprovisioner keys---------Co-authored-by: Ben Potter <ben@coder.com>(cherry picked from commit9f05b19)

1 parent1acfd2a commit76a8cf6Copy full SHA for 76a8cf6

File tree

2 files changed

+44

-52

lines changed

coderd/provisionerdserver
- acquirer_test.go
docs/admin
- provisioners.md

2 files changed

+44

-52

lines changed

`‎coderd/provisionerdserver/acquirer_test.go`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -523,8 +523,8 @@ func TestAcquirer_MatchTags(t *testing.T) {`
`523`	`523`	`// Generate a table that can be copy-pasted into docs/admin/provisioners.md`
`524`	`524`	`lines:= []string{`
`525`	`525`	`"\n",`
`526`		`-"\| Provisioner Tags \| Job Tags \| Can Run Job? \|",`
`527`		`-"\|------------------\|----------\|--------------\|",`
	`526`	`+"\| Provisioner Tags \| Job Tags \|Same Org \|Can Run Job? \|",`
	`527`	`+"\|------------------\|----------\|----------\|--------------\|",`
`528`	`528`	`}`
`529`	`529`	`// turn the JSON map into k=v for readability`
`530`	`530`	`kvs:=func(mmap[string]string)string {`
`@@ -539,10 +539,14 @@ func TestAcquirer_MatchTags(t *testing.T) {`
`539`	`539`	`}`
`540`	`540`	`for_,tt:=rangetestCases {`
`541`	`541`	`acquire:="✅"`
	`542`	`+sameOrg:="✅"`
`542`	`543`	`if!tt.expectAcquire {`
`543`	`544`	`acquire="❌"`
`544`	`545`	`}`
`545`		`-s:=fmt.Sprintf("\| %s \| %s \| %s \|",kvs(tt.acquireJobTags),kvs(tt.provisionerJobTags),acquire)`
	`546`	`+iftt.unmatchedOrg {`
	`547`	`+sameOrg="❌"`
	`548`	`+}`
	`549`	`+s:=fmt.Sprintf("\| %s \| %s \| %s \| %s \|",kvs(tt.acquireJobTags),kvs(tt.provisionerJobTags),sameOrg,acquire)`
`546`	`550`	`lines=append(lines,s)`
`547`	`551`	`}`
`548`	`552`	`t.Logf("You can paste this into docs/admin/provisioners.md")`

`‎docs/admin/provisioners.md`

Lines changed: 37 additions & 49 deletions

Original file line number	Diff line number	Diff line change
`@@ -178,15 +178,17 @@ A provisioner can run a given build job if one of the below is true:`
`178`	`178`	`1. If a job has any explicit tags, it can only run on a provisioner with those`
`179`	`179`	`explicit tags (the provisioner could have additional tags).`
`180`	`180`
`181`		`-The external provisionerin the above example can run buildjobs with tags:`
	`181`	`+The external provisionerin the above example can run buildjobsin the same`
	`182`	`+organization with tags:`
`182`	`183`
`183`	`184`	-`environment=on_prem`
`184`	`185`	-`datacenter=chicago`
`185`	`186`	-`environment=on_prem datacenter=chicago`
`186`	`187`
`187`	`188`	`However, it will not pick up any buildjobs thatdo not have either of the`
`188`	`189`	`environment` or`datacenter` tags set. It will also not pick up any buildjobs
`189`		-from templates with the tag`scope=user` set.
	`190`	+from templates with the tag`scope=user` set, or buildjobs from templatesin
	`191`	`+different organizations.`
`190`	`192`
`191`	`193`	`> [!NOTE] If you only run tagged provisioners, you will need to specify aset of`
`192`	`194`	`> tags that matches at least one provisionerfor _all_ template importjobs and`
@@ -198,34 +200,35 @@ from templates with the tag `scope=user` set.
`198`	`200`
`199`	`201`	`This is illustratedin the below table:`
`200`	`202`
`201`		`-\| Provisioner Tags\| Job Tags\| Can Run Job?\|`
`202`		`-\| -----------------------------------------------------------------\| ----------------------------------------------------------------\| ------------\|`
`203`		`-\| scope=organization owner=\| scope=organization owner=\| ✅\|`
`204`		`-\| scope=organization owner= environment=on-prem\| scope=organization owner= environment=on-prem\| ✅\|`
`205`		`-\| scope=organization owner= environment=on-prem datacenter=chicago\| scope=organization owner= environment=on-prem\| ✅\|`
`206`		`-\| scope=organization owner= environment=on-prem datacenter=chicago\| scope=organization owner= environment=on-prem datacenter=chicago\| ✅\|`
`207`		`-\| scope=user owner=aaa\| scope=user owner=aaa\| ✅\|`
`208`		`-\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa\| ✅\|`
`209`		`-\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa environment=on-prem\| ✅\|`
`210`		`-\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem\| ✅\|`
`211`		`-\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem datacenter=chicago\| ✅\|`
`212`		`-\| scope=organization owner=\| scope=organization owner= environment=on-prem\| ❌\|`
`213`		`-\| scope=organization owner= environment=on-prem\| scope=organization owner=\| ❌\|`
`214`		`-\| scope=organization owner= environment=on-prem\| scope=organization owner= environment=on-prem datacenter=chicago\| ❌\|`
`215`		`-\| scope=organization owner= environment=on-prem datacenter=new_york\| scope=organization owner= environment=on-prem datacenter=chicago\| ❌\|`
`216`		`-\| scope=user owner=aaa\| scope=organization owner=\| ❌\|`
`217`		`-\| scope=user owner=aaa\| scope=user owner=bbb\| ❌\|`
`218`		`-\| scope=organization owner=\| scope=user owner=aaa\| ❌\|`
`219`		`-\| scope=organization owner=\| scope=user owner=aaa environment=on-prem\| ❌\|`
`220`		`-\| scope=user owner=aaa\| scope=user owner=aaa environment=on-prem\| ❌\|`
`221`		`-\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa environment=on-prem datacenter=chicago\| ❌\|`
`222`		`-\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem datacenter=new_york\| ❌\|`
	`203`	`+\| Provisioner Tags\| Job Tags\| Same Org\| Can Run Job?\|`
	`204`	`+\| -----------------------------------------------------------------\| ----------------------------------------------------------------\| --------\| ------------\|`
	`205`	`+\| scope=organization owner=\| scope=organization owner=\| ✅\| ✅\|`
	`206`	`+\| scope=organization owner= environment=on-prem\| scope=organization owner= environment=on-prem\| ✅\| ✅\|`
	`207`	`+\| scope=organization owner= environment=on-prem datacenter=chicago\| scope=organization owner= environment=on-prem\| ✅\| ✅\|`
	`208`	`+\| scope=organization owner= environment=on-prem datacenter=chicago\| scope=organization owner= environment=on-prem datacenter=chicago\| ✅\| ✅\|`
	`209`	`+\| scope=user owner=aaa\| scope=user owner=aaa\| ✅\| ✅\|`
	`210`	`+\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa\| ✅\| ✅\|`
	`211`	`+\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa environment=on-prem\| ✅\| ✅\|`
	`212`	`+\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem\| ✅\| ✅\|`
	`213`	`+\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem datacenter=chicago\| ✅\| ✅\|`
	`214`	`+\| scope=organization owner=\| scope=organization owner= environment=on-prem\| ✅\| ❌\|`
	`215`	`+\| scope=organization owner= environment=on-prem\| scope=organization owner=\| ✅\| ❌\|`
	`216`	`+\| scope=organization owner= environment=on-prem\| scope=organization owner= environment=on-prem datacenter=chicago\| ✅\| ❌\|`
	`217`	`+\| scope=organization owner= environment=on-prem datacenter=new_york\| scope=organization owner= environment=on-prem datacenter=chicago\| ✅\| ❌\|`
	`218`	`+\| scope=user owner=aaa\| scope=organization owner=\| ✅\| ❌\|`
	`219`	`+\| scope=user owner=aaa\| scope=user owner=bbb\| ✅\| ❌\|`
	`220`	`+\| scope=organization owner=\| scope=user owner=aaa\| ✅\| ❌\|`
	`221`	`+\| scope=organization owner=\| scope=user owner=aaa environment=on-prem\| ✅\| ❌\|`
	`222`	`+\| scope=user owner=aaa\| scope=user owner=aaa environment=on-prem\| ✅\| ❌\|`
	`223`	`+\| scope=user owner=aaa environment=on-prem\| scope=user owner=aaa environment=on-prem datacenter=chicago\| ✅\| ❌\|`
	`224`	`+\| scope=user owner=aaa environment=on-prem datacenter=chicago\| scope=user owner=aaa environment=on-prem datacenter=new_york\| ✅\| ❌\|`
	`225`	`+\| scope=organization owner= environment=on-prem\| scope=organization owner= environment=on-prem\| ❌\| ❌\|`
`223`	`226`
`224`	`227`	`>Note to maintainers: to generate this table, run the followingcommand and`
`225`	`228`	`> copy the output:`
`226`	`229`	`>`
`227`	`230`	>```
`228`		`-> gotest -v -count=1 ./coderd/provisionerserver/ -test.run='^TestAcquirer_MatchTags/GenTable$'`
	`231`	`+> gotest -v -count=1 ./coderd/provisionerdserver/ -test.run='^TestAcquirer_MatchTags/GenTable$'`
`229`	`232`	>```
`230`	`233`
`231`	`234`	`## Types of provisioners`
`@@ -288,8 +291,7 @@ will use in concert with the Helm chart for deploying the Coder server.`
`288`	`291`	```sh
`289`	`292`	`coder provisioner keys create my-cool-key --org default`
`290`	`293`	`# Optionally, you can specify tags for the provisioner key:`
`291`		`-# coder provisioner keys create my-cool-key --org default --tags location=auh kind=k8s`
`292`		-```
	`294`	`+# coder provisioner keys create my-cool-key --org default --tag location=auh --tag kind=k8s`
`293`	`295`
`294`	`296`	`Successfully created provisioner key kubernetes-key! Save this authentication`
`295`	`297`	`token, it will not be shown again.`
`@@ -300,25 +302,7 @@ will use in concert with the Helm chart for deploying the Coder server.`
`300`	`302`	`1. Store the keyin a kubernetes secret:`
`301`	`303`
`302`	`304`	```sh
`303`		- kubectl create secret generic coder-provisioner-psk --from-literal=key1=`<key omitted>`
`304`		-```
`305`		`-`
`306`		-1. Modify your Coder`values.yaml` to include
`307`		`-`
`308`		-```yaml
`309`		`- provisionerDaemon:`
`310`		`- keySecretName:"coder-provisioner-keys"`
`311`		`- keySecretKey:"key1"`
`312`		-```
`313`		`-`
`314`		-1. Redeploy Coder with the new`values.yaml` to roll out the PSK. You can omit
`315`		-`--version<your version>` to also upgrade Coder to the latest version.
`316`		`-`
`317`		-```sh
`318`		`- helm upgrade coder coder-v2/coder \`
`319`		`- --namespace coder \`
`320`		`- --version<your version> \`
`321`		`- --values values.yaml`
	`305`	+ kubectl create secret generic coder-provisioner-psk --from-literal=my-cool-key=`<key omitted>`
`322`	`306`	```
`323`	`307`
`324`	`308`	1. Create a`provisioner-values.yaml` filefor the provisioner daemons Helm
`@@ -331,13 +315,17 @@ will use in concert with the Helm chart for deploying the Coder server.`
`331`	`315`	`value:"https://coder.example.com"`
`332`	`316`	`replicaCount: 10`
`333`	`317`	`provisionerDaemon:`
	`318`	`+# NOTE: in older versions of the Helm chart (2.17.0 and below), it is required to set this to an empty string.`
	`319`	`+ pskSecretName:""`
`334`	`320`	`keySecretName:"coder-provisioner-keys"`
`335`		`- keySecretKey:"key1"`
	`321`	`+ keySecretKey:"my-cool-key"`
`336`	`322`	```
`337`	`323`
`338`	`324`	`This example creates a deployment of 10 provisioner daemons (for 10`
`339`		`- concurrent builds) with the listed tags. For generic provisioners, remove the`
`340`		`- tags.`
	`325`	`+ concurrent builds) authenticating using the above key. The daemons will`
	`326`	`+ authenticate using the provisioner key createdin the previous step and`
	`327`	`+ acquirejobs matching the tags specified when the provisioner key was`
	`328`	`+ created. Theset of tags is inferred automatically from the provisioner key.`
`341`	`329`
`342`	`330`	`> Refer to the`
`343`	`331`	`> [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit76a8cf6

File tree

2 files changed

2 files changed

`‎coderd/provisionerdserver/acquirer_test.go`

`‎docs/admin/provisioners.md`

0 commit comments